CVE-2015-5018 Information

Description

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3 and Security Access Manager 9.0 before 9.0.0.0 IF1 allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.securitytracker.com/id/1034560 http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 http://www-01.ibm.com/support/docview.wss?uid=swg21970510

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.0